Improve integration with other access modules

There is a great module for improving access modules collaboration - Module Grants. This module changes drupal's node access logic from OR to AND. So, permission for user to do some operation on some node will be given only if all access modules will allow it.

I'm tried to make Content Access and Workflow modules work together with AND logic. But Content Access uses drupal's built-in permission and this cause some problems.

Look into node_access() function (Module Grants replacement for this function is little different, but this part is the same).

  // ... some standard checks ...
  $module = node_get_types('module', $node);
  if ($module == 'node') {
    $module = 'node_content';
  }
  $access = module_invoke($module, 'access', $op, $node, $account);
  if (!is_null($access)) {
    return $access;
  }
  // ... proceed with module's grants ...

In most cases node_content_access() function will be used. Here part of it.

  // ...
  if ($op == 'update') {
    if (user_access('edit any ' . $type . ' content', $account) || (user_access('edit own ' . $type . ' content', $account) && ($account->uid == $node->uid))) {
      return TRUE;
    }
  }

  if ($op == 'delete') {
    if (user_access('delete any ' . $type . ' content', $account) || (user_access('delete own ' . $type . ' content', $account) && ($account->uid == $node->uid))) {
      return TRUE;
    }
  }
  // ...

As you can see, if user have update or delete permissions enabled, access will be allowed, and modules grants will be ignored.

Current implementation of Content Access not allowed to use it with another access modules. Inherently, Content Access gives only two grants: view any, view own. And this is sad.

I propose to create option for Content Access "Use built-in Drupal's permissions for edit/delete operations", which will be enabled by default.